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IN THE CLAIMS 

2. (Amended) A method according to claim 45.4-, wherein the configuration service includes a call 
center, step_0)lnvoMng the user passing said user-related information to the configuration 
service during- said first phase J>y communicating with the call center in one of the following 
ways: 

- directly by telephone; 

- directly by an electronic messaging system; 

indirectly through a third party who contacts the call center by telephone; 

indirectly through a third party who contacts the call center by an electronic messaging 

system. 

10. (Amended) A method according to claim 45 9, wherein the_saki authentication process of the 
connectivity unit to the configuration service farther involves a cryptographic-based challenge- 
response interchange conducted between the connectivity unit and cor$guration service. data 
p r oces sin g s y stem-to confirm that the connectivity unit is the possessor of the private key related 
to the public key passed in the identity-sequence certificate whereby to authenticate the unit as the 
one bearing the identity sequence included in the certificate. 

1 1 . (Amended) A method according claim 45.4-, wherein conmiunication 

unit and configuration service in step (C) is effected across a the communications infrastructure 
that comprises a data network to which the data-proeessing-system ^f-the-configuration service is 
connected, and an access network to which the user has a subscriber connection and which 
provides access to the data network through a data-network access point, the p.rpcess_of 
establishing a connection between the connectivity unit and the configuration service in step (C) 
said-second- phase- involving the following sub- steps: 
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(a) - the connectivity unit connects via the user's subscriber connection across the access network 

to the data-network access point using addressing information for the latter held as part of 
said configuration communication parameters; 

(b) - the data-network access point authorises access by the connectivity unit to the data network 

on the basis of a username and password which are included in said configuration 
communications parameters and are passed to the access point by the connectivity unit, the 
data-network access point effecting this authorisation by using the services of an 
authorisation server associated with the configuration service of -said data processing 
syst e m ; 

(c) - upon access being authorised in step (b), the data-network access point assigns an address 

for the connectivity unit on the data network and passes this address to the authorisation 
server which in turn passes it to a configuration manager of the configuration service data 
proc e ssing system ; and 

(d) - the configuration manager prompted by the step..(cXauthorisation server in step (c) contacts 

the connectivity unit at the assigned address of the latter on the data network in order to 
and downloads said operational communication parameters to the connectivity unit. 

12. (Amended) A method according to claim 11, wherein the co nn e ctivity unit s tor e s an id e ntity 
sequence- -specific -to- the connectivity -unitv-this -jdentity sequence of the connectivity unit is being 
included in the user name passed to the authorisation server and is_being checked by the latter 
against a database of valid identity sequences, access to the data network only being authorised if 
the identity sequence included in the user name is a valid one. 

13. (Amended) A method according to claim 1 1, wherein tte-eom^tivity-iimt-steres-an-identity 
s e quenc e sp e cific to th e conn e ctivity unit and . the authorisation server is associated with a 
configuration domain; the username passed by the connectivity unit to the data-network access 
point being of the form: 

identity sequence of connectivity unit @ configuration_domain 
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and the data-network access point recognising the 'coiifigurationdomain'. as indicating the 
authorisation server to be used and thereupon contacting the latter over the data network and 
passing it the identity sequence contained in the username it received from the connectivity unit. 

17. (Amended) A method according claim + 45, wherein .con^umcation 

unit and configuration service in step (C) is effected across a the communications infrastructure 
that comprises a data network to which the data -processing-system of the configuration service is 
connected, and an access network to which the user has a subscriber connection and which 
provides access to the data network through a data-network access point, the ..process of 
establishing a connection between the connectivity unit and the configuration service in step (C) 
said-seeend-phase jnvolving the following sub- steps: 

(a) - the connectivity unit connects via the user's subscriber connection across the access network 

to the data-network access point using addressing information for the latter held as part of 
said configuration communication parameters; 

(b) - the data-network access point authorises access by the connectivity unit to the data network 

on the basis of a username and password which are included in said configuration 
communications parameters and are passed to the access point by the connectivity unit, the 
data-network access point effecting this authorisation by using the services of an 
authori sation server of said- -datapfocessingsvstern associated with the configuration 
service ; 

(c) - upon access being authorised in step (b), the data-network access point assigns an address 

for the connectivity unit on the data network and passes this address to the connectivity 
unit; and 

(d) - the connectivity unit contacts the configuration manager over the data network at an 

address held by the connectivity unit as part of said configuration communication 
parameters, the configuration manager subsequently transmitting said operational 
communication parameters to the connectivity unit. 

18. (Amended) A method according to claim 17, wherein the conn e ctivity unit s tores an identity 
se quenc e sp e cific to th e conn e ctivity un it, this ..identity sequence of the connectivi ty unit is being 

12 



included in the user name passed to the authorisation server and is being checked by the latter 
against a database of valid identity sequences, access to the data network only being authorised if 
the identity sequence included in the user name is a valid one. 

19. (Amended) A method according to claim 17, wherein th e conn e ctivity unit store s an id e ntity 
se qu e nce sp e cific to th e conn e ct i v it y un it an d-the authorisation server is associated with a 
configuration domain; the username passed by the connectivity unit to the data-network access 
point being of the form: 

identity sequence of connectivity unit @ configuration_domain 
and the data-network access point recognising the 'configuration_domain' as indicating the 
authorisation server to be used and thereupon contacting the latter over the data network and 
passing it the identity sequence contained in the username it received from the connectivity unit. 

21. (Amended) A method according to claim 4- 45, wherein fu rt her co mp r i s ing a third phase in 
which at the end of step (O said second phase the data processing system the configuration 
service initiates the sending of a wake-up indication to the connectivity unit, the latter responding 
to receipt of this indication by seeking to connect across th e communication s infrastructur e to the 
service entity using the said operational communications parameters passed to it during said 
second phase _whereby to check that the connectivity unit has been correctly configured for 
communication with the service entity. 

23. (Amended) A method according claim 21, wherein communication between the connectivity 
unit and configuration service in step (D) is effected across a the communications infrastructure 
that comprises a data network to which the data processing- system of the configuration service is 
connected, and an access network to which the user has a subscriber connection and which 
provides access to the data network through a data-network access point; and wherein an 
identifier of the subscriber connection on said access network is stored with said user-related 
information, m the ^emputer -rec^rd ^f ihe -user-and said wake-up indication takinges the form of a 
call placed to said subscriber connection. 
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3 1 . (Amended) A configuration service system for configuring a connectivity unit for 
communication with a service entity across a communications infrastructure, said connectivity unit 
having configuration communications parameters pre-instaUed therein prior to a user taking 
possession of the unit, a public-key/private-key cryptographic key pair and configuration 
communication 

identity sequence of the un it; the configuration service system comprising: 

a data processing system including a store for holding user-related information; 

a call center to which user-related information about a new user of a connectivity unit can 

be passed for entry into the data processing system for storage in said store; the user-related 

information including the 'identity .sequence, of, t id e ntity data item ; 

and 

interface means for interfacing the data processing system with the communications 
infrastructure whereby to enable communication between the data processing system and 
the connectivity unit of the new user; access to the data processing system through the 
interface means requiring knowledge of at least one said configuration communications 
parameter; 

the data processing system further including: 

authentication means comprising means for yen the authenticity of a ^ sajd identjty r 

sequence certificate passed by a said connectivity unit to the data processing system across 
the communications infrastructure: 

means for accessing the user-related information held in said store on the basis of a said 
j^j^jty_sj^uejice_ identity data item , received acr o s s t h e communications infrastructure 
during the course of ^communieatiofl-with a said- from a said connectivity unit in a said 
identity-sequence certificate authenticated by the authentication means , this identity 
sequence, data it e m serving to identify the connectivity unit to the data processing system; 
means for deriving for the connectivity unit of said new user, operational communication 
parameters on the basis of said user-related information , these operational parameters 
including a user-id certificate associating the public key of the unit with a user identity 
derived. from.^ and 
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means for transmitting said operational communications parameters to the connectivity unit 
operational for use by the latter for communicating with said service entity. 



33. (Amended) A configuration service system according to claim 2-9 31. wherein the 
authentication means further comprises means for effecting a cryptographic-based challenge- 
response interchange between the connectivity unit and data processing system whereby to 
confirm that the connectivity unit is the possessor of the private key related to the public key 
passed in the identity-sequence certificate and thereby authenticate the unit as the one bearing the 
identity sequence included in the certificate. 

38. (Amended) A connectivity unit for communicating with a service entity across a 

communications infrastructure, said connectivity unit comprising: 

a store holding configuration communications parameters including a public-key / private- 
key cryptographic key pair with an identity-sequence certificate linking the public key to an 
identity sequence specific to the connectivity unit; 

communication means for establishing communication across said communications 
infrastructure with a remote entity in accordance with communications parameters held in 
said store, the communications means including authentication means for authenticating the 
connectivity unit to the remote entity, the authentication means comprising means for 
passing a key certificate to the remote entity, and 

configuration initiation means for causing the communication means to establish 
communication across said communications infrastructure with a configuration service by 
using said configuration communications parameters held in said store, the said key 
certificate used by the authentication means being the identity-sequence certificate; 
download means for downloading operational communications parameters from the 
configuration service and storing them in said store; and 

operational control means for causing the communication means to establish communication 
across said communications infrastructure with said service entity by using said operational 
communications parameters held in said storey 
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sdd.„QP^ 

public key to th e identity of a use r asso cia ted with conne ctivity unit, the use r-identity certificate 
being used as said key certificate by the authentication means for authenticating the connectivity 
unit to the service entity upon the operational control means causing the communication means to 
ertabUsL 

39. (Amended) A connectivity unit according to claim 38, wherein said authentication means 
further comprises means for generating and returning a response to a challenge issued by the 
remote entity, the generation of the response involving the use of said private key to effect a 
cryptographic operation on data included in the challenge. 
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